package com.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * 让shiro自己去做密码比对
 */
public class MyRealmMD5ByShiro extends AuthorizingRealm {

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //拿到用户输入的账号密码
        String userName = (String) token.getPrincipal();

        String password = new String((char[]) token.getCredentials());

        //通过userName到数据库中查询密码
        // 根据用户输入的用户去数据库中查询密码 这一步没法省略的 shiro是做不了的 虽然JdbcRealm 但是也是自定义的realm
        String password_db = getPasswordByUserName(userName);

        //将数据库查询的密码放到SimpleAuthenticationInfo shiro会自己调用加密算法 和用户输入的密码进行比对
        return new SimpleAuthenticationInfo(userName,password_db,getName());
    }

    public String getPasswordByUserName(String userName){
        return "e10adc3949ba59abbe56e057f20f883e";
    }

}
